Re: Proposal: restrict link(2)

Stuart Auchterlonie (stuarta@sitebox.foxln.com.au)
Thu, 12 Dec 1996 08:17:17 +1100 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Richard B. Johnson: "Re: Memory intensive processes"
Previous message: Jose Vilmar Estacio de Souza: "X25 and linux"
In reply to: Thomas Koenig: "Proposal: restrict link(2)"
Next in thread: Matthias Urlichs: "Re: Proposal: restrict link(2)"

[most of discussion on /tmp deleted...]

>
> My proposal would be to disallow linking a file into a directory which
> has the sticky bit set unless the owner of the file is attempting this.
> In other words, Joe Random Cracker can't do a 'ln /etc/passwd /tmp/foo'
> beforehand.
>
> Comments?

Have a look at the linux-security archives over the last month
or two. There was a whole discussion on the assorted insecurities
of /tmp and how we might go around fixing them.

Maybe even a patch or two :)

btw. Does this sound more like a linux-security issue than a
linux-kernel issue ???

> --
> Thomas Koenig, Thomas.Koenig@ciw.uni-karlsruhe.de, ig25@dkauni2.bitnet.
> The joy of engineering is to find a straight line on a double
> logarithmic diagram.
>

Regards,
Stuart Auchterlonie stuarta@foxln.com.au

Next message: Richard B. Johnson: "Re: Memory intensive processes"
Previous message: Jose Vilmar Estacio de Souza: "X25 and linux"
In reply to: Thomas Koenig: "Proposal: restrict link(2)"
Next in thread: Matthias Urlichs: "Re: Proposal: restrict link(2)"